4.3.2 Correctly Using Smart Pointers

Smart pointers were introduced in Crystal Space stable version 0.96
(developmental version 0.95). The purpose of smart pointers is to make it
easier to manage reference counting. Instead of manually calling
IncRef() and DecRef() on an object, you use a smart pointer
(csRef<>) and let it manage the reference count automatically. The
csRef<> smart pointer template works with any class which provides
IncRef() and DecRef() methods, such as `csRefCount', as well
as all SCF classes. The csRef<> template is defined in
`CS/include/csutil/ref.h'.

How to Use Smart Pointers

This is easy. For example, often you want to keep track of a few
common objects in your main class (such as the pointer to the engine and
so on). To do this you just declare in your main class:

class MyClass
{
csRef<iEngine> engine;
...
}

Smart pointers do not need to be initialized, so there is no need to write
`engine = 0' in the constructor of your class. There is also no need to
clean them up. The reference to the engine, in the example, will be cleaned up
automatically when the instance of MyClass is destroyed.

Here is an example of assigning a valid object to the `engine' smart
pointer and then utilizing that pointer (assuming the engine plugin is loaded):

The advantage might not seem huge but, in general, it is a lot easier to
use smart pointers than to manually manipulate reference counts. The nice
thing about smart pointers is that you can use them exactly like you would use
a normal pointer (i.e. you can do things like engine->CreateSector()).

Transitioning between Smart Pointers and Normal Pointers

Smart pointers can be assigned to normal pointers and vice versa. However, you
need to be aware of the interactions with reference counting.

Assigning a smart pointer to a normal pointer does not change the
reference count of the object. This can be beneficial as the reference
counting overhead is avoided. It can also be dangerous, as the normal pointer
will become dangling when the referenced object is destroyed! This means that
storing in a normal pointer is suitable for short-term storage, when it's
certain that the referenced object won't be released durign the lifetime of
the normal pointer. If that's not guaranteed use a csRef<> instead.

Assigning a normal pointer to a smart pointer does change the reference
count: ownership is taken, ie the reference count is increased. This can
cause a leaked reference in certain circumstances. One notable instance is
the assignment of an object just allocated with `new' to a smart pointer:
the object will start with a reference count of 1, but the assignment to the
smart pointer will also increase the reference count, which errorneously
becomes 2. The last "phantom" reference will never be release, causing a
leak.

The recommend way to deal with that is to never assign an object
allocated with `new' to a smart pointer directly. Instead use it's
AttachNew() method which will take care of the proper reference
counting.

When to Use csRef<>?

Use csRef<> wherever you need to own a reference to a reference-counted
object. The above examples illustrate a few cases in which csRef<> is
warranted. If you do not need to own a reference to a reference-counted
object, and you know positively that the object will exist for the duration of
a piece of code, then you can use a plain pointer rather than a smart pointer.
However, for complete safety, using csRef<> will ensure that a
reference-counted object will remain valid for as long as the csRef<>
remains alive. For this reason, it is often simplest to utilize csRef<>
when dealing with reference-counted objects, rather than plain pointers.

csRef<> is also a very handy and 100% safe mechanism for transferring
object ownership from a function back to its caller. This is useful in cases
when the caller of a function wants to take ownership of a brand new object
created by the function on the caller's behalf. For example:

The reason that this is 100% safe is that the newly created object is correctly
destroyed (not leaked) even if the caller of MyFunction() forgets or
neglects to assign it to a variable.

When to Use csWeakRef<>?

Another smart pointer class is csWeakRef<>. The significant difference
to csRef<> is that a "weak" reference is not owning. However,
unlike raw pointers, csWeakRef<> prevents the risk of a "dangling
pointer" (a pointer referencing a freed, thus invalid, object): when the
referenced object gets destroyed, all weak references to it are automatically
set to null.

A common application of weak references is the prevention of circular
references. When two objects reference each other with csRef<>s
neither will be destructed as long as the references are held: Destruction
happens when the reference count of an object drops to zero -
however, object `A' is owned by object `B', thus it's reference
count will not be decreased until object `B' is destructed. But object
`B' in turn is owned by object `A', and that reference is not
released until object `A' is destructed. This circular dependency leads
to neither objects being released automatically.

To prevent this scenario one reference can be made a csWeakRef<>
instead. If object `B' holds only a weak reference to object `A',
this reference will become null when `A' is destroyed, and `B' may
also be destroyed if `A' held the last reference to it.

As all weak references to an object are automatically set to null when the
object gets destroyed care must be taken when accessing a weak referenced
object: the reference may become null at any time, after all. In practice
that means that before dereferencing a weak reference you should check whether
it still points to a valid object (with the IsValid() method or a
comparison with 0):

What About csPtr<>?

csPtr<> is a companion class. Originally, it aided in the transition
from the old (pre-smart pointer) API to the new one. The idea was that
all functions that used to return a pointer, upon which the caller had to
invoke DecRef(), now return a csPtr<>. These days,
csPtr<> is usually used as a micro-optimization when transferring object
ownership from a function to its caller, and as an ugly shortcut when assigning
a new object to a csRef<> (instead of the more obvious
csRef<>::AttachNew() method).

csPtr<> represents a single, owned, one-time-transferable reference to
an object and should be used only as the return value of a function, or when
creating a brand new object which is assigned directly to a csRef<>.
csPtr<> never invokes IncRef() or DecRef(). It simply
stores the pointer. csPtr<> is very specialized, and exists solely as a
mechanism for transferring an existing reference into a csRef<>.

Although it is safest and cleanest for a function to transfer ownership of a
new object back to its caller by returning a csRef<>, it is also
possible to utilize csPtr<> for this purpose. This can be done as a
micro-optimization in order to avoid the very minor overhead of the extra
reference-count manipulation incurred when returning a csRef<> from a
function. Note carefully, however, that you should never return a
csPtr<> from a function if there is any chance that the caller might
ignore the returned value since that would result in a resource leak.
Returning a csRef<> ensures that the returned object can never be
leaked, even if the caller neglects to assign it to a variable.

There is only one valid way to use the result of a function which returns a
csPtr<>: assign it to a csRef<>. For example:

When a csPtr<> is assigned to a csRef<>, the reference owned by
the csPtr<> is transferred to the csRef<> without an additional
IncRef(); that is, csRef<> inherits, steals, or hijacks the
reference owned by the csPtr<>.

To make it easier for functions to actually return a csPtr<> even though
they are working internally with a csRef<> there is also an
explicit conversion from csRef<> to csPtr<>; which means
that a csPtr<> can be constructed from a csRef<> if the
csPtr<> constructor is called explicitly with a csRef<> as its
sole argument. This means that the following code is valid:

What happens, in this case, is that the csPtr<> constructor which
accepts a csRef<> will call IncRef() on the object. This is
necessary because when the csRef<> inside MyFunction() goes out
of scope it will call DecRef() automatically; potentially destroying the
object.

The following usage, however, is incorrect:

iFoo* MyFunction ()
{
csRef<iFoo> foo = ...;
...
return foo;
}

This is incorrect because here nothing calls IncRef() on the returned
pointer, yet the csRef<> will still call DecRef() upon
destruction, which means, at best, the function is returning ownership of an
object even though it does not hold ownership, and, at worst, it is potentially
returning a destroyed object.

As noted above, the transfer of object ownership
to the caller of a function should almost always be handled by returning a
csRef<> or a csPtr<> rather than a bare iFoo*. However,
if you really must return a normal pointer, then you have to ensure that you
actually own a reference which you can return to the caller. Here is how the
above example can be re-written so that it works correctly:

If you prefer obscurity and brevity over clarity, you can also use
csPtr<> as a shortcut, in place of csRef<>::AttachNew(), when
assigning a newly allocated object to a csRef<>. The following idiom
ensures that the reference count of the new object is correctly maintained.

csRef<iView> view = csPtr<iView> (new csView (...));

This works
correctly because the new object (`new csView') already automatically has
a reference-count of 1 at construction time. By encapsulating the new object
pointer in a csPtr<>, csRef<> is instructed to not invoke
IncRef() on the incoming object, but rather to simply inherit the
reference already owned by the csPtr<>. By contrast, the following code
is incorrect and will result in a resource leak since the object's
reference-count will be 2, rather than one; one reference from the `new'
operation, and one from the IncRef() invocation performed by the
csRef<>.

// Do not do this! It will cause a resource leak.
csRef<iView> view = new csView (...);

WARNING: Only use csPtr<> in the situations described above!
Never use a csPtr<> to store an object. Never pass
csPtr<> instances as arguments to other functions.

What to do With a Function Return Value?

In the Crystal Space API there are three possible modes by which
reference-counted object pointers are returned:

The function returns a normal pointer. This mode is used when the function is
simply returning a pointer to an existing object; and moreover an object to
which the function is not transferring ownership to the caller. In this
case you can assign the return value to a normal pointer or to a
csRef<>. If you assign the return value to a normal pointer, then you
will not own a reference to the returned object. If you assign it to a
csRef<>, then the csRef<> will increment the reference count at
assignment time, and decrement it again when the csRef<> destroyed.

The function returns a csRef<>. In this case the function is
requesting that you take ownership of the returned object because it
(the function) will be giving up ownership. By taking ownership, you ensure
that the object does not get destroyed prematurely. You can assign the
returned csRef<> to another csRef<>. It may also be safe to not
store the pointer but instead directly use it like this,
Function()->DoSomething() (however, some older compilers might destroy
the csRef<> before DoSomething() is actually called, so be
careful). It is not safe to assign the result of a function returning a
csRef<> to a normal pointer because doing so will result in a resource
leak since, after assignment, an immediate DecRef() will occur which may
cause destruction of the object. Finally, it is safe to ignore the return
value from a function returning a csRef<> since the csRef<> will
ensure that the owned reference is properly cleaned up even if you neglect to
assign it to a variable or use it directly.

The function returns a csPtr<>. In this case the function is
demanding that you take ownership of the returned object because it (the
function) will be giving up ownership. You must assign the returned
csPtr<> to a csRef<> in order to utilize it. The csRef<>
will inherit the reference from the csPtr<>. When the csRef<>,
to which the csPtr<> was assigned, is finally destroyed, the reference
count will be decremented properly. It is never safe to ignore the
return value from a function returning a csPtr<> since doing so would
result in a resource leak.

What to do With a Function Parameter?

It's not uncommon that a reference to an object is to be taken as a function
parameter. Using a smart pointer for that is usually not necessary: consider
that you can usually assume that an object passed in as a parameter stays
valid during the function execution (a scenario where this is not the case can
even be considered pathological). This means that having the parameter keep a
reference to the object passed in is unnecessary (and, considering that
reference keeping incurs a small overhead, possibly even undesireable).
As smart pointers automatically convert to normal pointers it's not a problem
to declare parameters for references as normal pointers. Likewise, when the
reference passed in is to be retained it's no problem to assign them to a
csRef<> object to take ownership.

// Passing a csRef<iFoo> as parameter: usually unnecessary
void Bar (csRef<iFoo>& stuff) { ... }
// iFoo* is usually completely adequate
void Baz (iFoo* stuff)
{
...
/* If 'stuff' runs the risk of being released you can always assign it to
* a csRef<> in the function body. */
csRef<iFoo> keepRef = stuff;
...
}

Warnings About csPtr<>!

As noted above, only use csPtr<> for returning already incremented
object references, and for wrapping a new object before storing it in a
csRef<>. Do not use csPtr<> for any other purpose.

Also, when a function returns a csPtr you must assign the result
to a csRef<>. You must not ignore the returned value. If you ignore
it, then that will result in a resource leak because DecRef() will never
be invoked for the reference owned by the returned csPtr<>. For
example, the following code is illegal and should be avoided because it ignores
the returned object:

Note that if you build the project in debug mode, then Crystal Space will add a
run-time test for this incorrect usage, and will throw an exception if you
neglect to assign a returned csPtr<> to a csRef<>.

Warning About IncRef() and DecRef()!

When using smart pointers (csRef<>) correctly you should avoid invoking
IncRef() and DecRef() on the managed pointer, except in very
specialized cases, and only when you know exactly what you are doing and why
you are doing it. Avoid constructs like this:

csRef<iMeshWrapper> mesh = ...;
...
mesh->DecRef ();
mesh = 0;

The bogus code in this example will cause the reference-count to be decremented
twice--once when DecRef() is invoked explicitly, and once when 0
is assigned to `mesh')-which is almost certainly not what was intended.

Warning About DestroyApplication()!

Due to the way the current implementation of
csInitializer::DestroyApplication() works, you must ensure that
all of your references to Crystal Space objects are released before
invoking DestroyApplication(). Therefore, the following code is
not legal:

The reason this doesn't work correctly is that the `plugin_mgr' reference
will be cleaned up at the end of main(), which occurs after
DestroyApplication() is invoked. To fix this you can use several
techniques. Manually setting `plugin_mgr' to 0 just before calling
DestroyApplication() is one method. Another technique is to put the
initialization into another routine so that `plugin_mgr' is created in
another scope; a scope which is destroyed before DestroyApplication() is
invoked.

For the same reason it also is not wise to call DestroyApplication()
from within the destructor of your main class. This is because any
csRef<> instance variables of your main class will not be destroyed
until the very end of the destructor, which is after the invocation of
DestroyApplication() in the body of the destructor.